pam_deny(5) Standards, Environments, and Macros pam_deny(5)NAMEpam_deny - PAM authentication, account, session and password management
PAM module to deny operations
SYNOPSIS
pam_deny.so.1
DESCRIPTION
The pam_deny module implements all the PAM service module functions and
returns the module type default failure return code for all calls.
The following options are interpreted:
debug Provides syslog(3C) debugging information at the
LOG_AUTH|LOG_DEBUG levels
ERRORS
The following error codes are returned:
PAM_ACCT_EXPIRED If pam_sm_acct_mgmt is called.
PAM_AUTH_ERR If pam_sm_authenticate is called.
PAM_AUTHOK_ERR If pam_sm_chauthtok is called.
PAM_CRED_ERR If pam_sm_setcred is called.
PAM_SESSION_ERR If pam_sm_open_session or pam_sm_close_session is
called.
EXAMPLES
Example 1 Disallowing ssh none authentication
sshd-none auth requisite pam_deny.so.1
sshd-none account requisite pam_deny.so.1
sshd-none session requisite pam_deny.so.1
sshd-none password requisite pam_deny.so.1
Example 2 Disallowing any service not explicitly defined
other auth requisite pam_deny.so.1
other account requisite pam_deny.so.1
other session requisite pam_deny.so.1
other password requisite pam_deny.so.1
ATTRIBUTES
See attributes(5) for a description of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
├─────────────────────────────┼─────────────────────────────┤
│MT Level │MT-Safe with exceptions │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOsu(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C),
pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5),
pam_unix_session(5), privileges(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
The pam_deny module is intended to deny access to a specified service.
The other service name may be used to deny access to services not
explicitly specified.
SunOS 5.10 16 Jun 2005 pam_deny(5)